# 🔐 Custom HMAC Implementation

A comprehensive implementation of Hash-based Message Authentication Code (HMAC) using custom SHA-2 and SHA-3 family hash functions.

## 📋 Overview

This project implements HMAC (Hash-based Message Authentication Code) as defined in **RFC 2104** and **FIPS PUB 198-1**, using custom implementations of various cryptographic hash functions from the SHA-2 and SHA-3 families. The implementation has been thoroughly tested and verified against Python's standard `hashlib` HMAC implementation.

## 🔑 What is HMAC?

HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It provides both data integrity and authenticity verification.

### Key Features:
- **Authentication**: Verifies the sender's identity
- **Integrity**: Ensures message hasn't been tampered with  
- **Non-repudiation**: Sender cannot deny sending the message
- **Efficiency**: Fast computation using underlying hash functions

## 🏗️ Architecture

### Core Algorithm
The HMAC algorithm follows this structure:
```
HMAC(K, m) = H((K ⊕ opad) || H((K ⊕ ipad) || m))
```

Where:
- `K` is the secret key
- `m` is the message
- `H` is the hash function
- `opad` is the outer padding (0x5c repeated)
- `ipad` is the inner padding (0x36 repeated)
- `||` denotes concatenation
- `⊕` denotes XOR operation

## 🛠️ Implementation Details

### Custom Hash Functions Used
- **SHA-2 Family**: SHA-224, SHA-256, SHA-384, SHA-512
- **SHA-3 Family**: SHA3-224, SHA3-256, SHA3-384, SHA3-512
- **SHAKE Functions**: SHAKE128, SHAKE256 (Extendable Output Functions)

### Key Components

#### 1. Generic HMAC Function
```python
def generalized_hmac(key: str, message: str, hash_fn, block_size: int, outlen: int = None) -> str
```
- Supports any hash function with configurable block sizes
- Handles variable output lengths for SHAKE functions
- Returns hexadecimal digest

#### 2. SHAKE Handling
Special implementation for SHAKE128 and SHAKE256 due to their extendable output nature:
- SHAKE128: Block size = 168 bytes
- SHAKE256: Block size = 136 bytes
- Default output length: 64 bytes (512 bits)

## 📊 Supported Configurations

| Hash Function | Block Size (bytes) | Output Length | Status |
|---------------|-------------------|---------------|---------|
| SHA-224       | 64                | 28 bytes      | ✅ Verified |
| SHA-256       | 64                | 32 bytes      | ✅ Verified |
| SHA-384       | 128               | 48 bytes      | ✅ Verified |
| SHA-512       | 128               | 64 bytes      | ✅ Verified |
| SHA3-224      | 144               | 28 bytes      | ✅ Verified |
| SHA3-256      | 136               | 32 bytes      | ✅ Verified |
| SHA3-384      | 104               | 48 bytes      | ✅ Verified |
| SHA3-512      | 72                | 64 bytes      | ✅ Verified |
| SHAKE128      | 168               | Variable      | ✅ Verified |
| SHAKE256      | 136               | Variable      | ✅ Verified |

## 🧪 Testing Framework

### Comprehensive Test Suite
The implementation includes **310 test cases** (31 test vectors × 10 hash functions) covering:

#### Edge Cases:
- ✅ Empty keys and messages
- ✅ Keys longer than block size (requiring hashing)
- ✅ Keys shorter than block size (requiring padding)
- ✅ Binary data with control characters
- ✅ Unicode and emoji characters
- ✅ Very long keys and messages (>1000 characters)

#### Data Types:
- 📝 Plain text messages
- 🔢 Numeric data
- 🌍 Unicode/UTF-8 characters
- 🎯 Special characters and symbols
- 📋 JSON formatted data
- 📄 Multi-line text with newlines

#### Verification Method:
All outputs are cross-verified against Python's standard `hashlib.hmac` implementation to ensure correctness.

## 🚀 Usage Example

```python
# Import custom hash functions
from SHA_256 import generalized_SHA256 as SHA256
from SHA_3 import sha3_256

# Calculate HMAC-SHA256
key = "secret_key"
message = "Hello, World!"
hmac_result = generalized_hmac(key, message, SHA256, 64)
print(f"HMAC-SHA256: {hmac_result}")

# Calculate HMAC-SHA3-256  
hmac_sha3 = generalized_hmac(key, message, sha3_256, 136)
print(f"HMAC-SHA3-256: {hmac_sha3}")
```

## 🔬 Technical Specifications

### Key Processing:
1. **Key > Block Size**: Hash the key and use result as new key
2. **Key < Block Size**: Pad with zeros to block size  
3. **Key = Block Size**: Use key as-is

### Padding Constants:
- **Inner Pad (ipad)**: `0x36` repeated for block size
- **Outer Pad (opad)**: `0x5c` repeated for block size

### Security Considerations:
- Keys should be at least as long as the hash output
- Use cryptographically secure random key generation
- Protect keys from unauthorized access

## 📚 References

1. **RFC 2104**: "HMAC: Keyed-Hashing for Message Authentication" - Krawczyk, Bellare, Canetti (1997)
2. **FIPS PUB 198-1**: "The Keyed-Hash Message Authentication Code (HMAC)"
3. **RFC 6234**: "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)"
4. **NIST SP 800-185**: "SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash"

## 🏆 Test Results

```
🔍 Testing HMAC-SHA-224: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHA-256: ✅ PASSED (31/31 tests) 
🔍 Testing HMAC-SHA-384: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHA-512: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHA3-224: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHA3-256: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHA3-384: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHA3-512: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHAKE128: ✅ PASSED (31/31 tests)
🔍 Testing HMAC-SHAKE256: ✅ PASSED (31/31 tests)
```

**Total: 310/310 tests passed ✅**

## 📁 Project Structure

```
HMAC-Implementation/
├── HMAC.ipynb              # Main implementation notebook
├── SHA_224.py              # Custom SHA-224 implementation  
├── SHA_256.py              # Custom SHA-256 implementation
├── SHA_384.py              # Custom SHA-384 implementation
├── SHA_512.py              # Custom SHA-512 implementation
├── SHA_3.py                # Custom SHA-3 family implementations
└── README.md               # This file
```

## 🎯 Key Achievements

- ✅ **100% Test Coverage**: All 310 test cases pass
- ✅ **Standard Compliance**: Matches `hashlib.hmac` output exactly
- ✅ **Multiple Hash Functions**: Supports 10 different hash algorithms
- ✅ **Edge Case Handling**: Robust handling of all input types
- ✅ **Performance**: Efficient implementation with proper key processing
- ✅ **Documentation**: Comprehensive documentation and testing

## 🔐 Security Note

This implementation is for educational and research purposes. For production use, always prefer well-established, audited cryptographic libraries.

---

*Implementation verified against Python's standard library • All test vectors pass • RFC 2104 compliant*

**The below imports are from my custom SHA implementations which I have done . You can find those modules in the HMAC folder of this repository . 
Basically they are just .ipynb notebooks from the SHA-ALGORITHMS directory to .py module so that we can import and use them . These are custom and scratch implementations**

In [4]:
from SHA_224 import generalized_SHA224 as SHA224
from SHA_256 import generalized_SHA256 as SHA256
from SHA_384 import generalized_SHA384 as SHA384
from SHA_512 import generalized_SHA512 as SHA512
from SHA_3 import sha3_224 , sha3_256, sha3_384, sha3_512 , shake128 , shake256 , keccak_224 , keccak_256 , keccak_384 , keccak_512 
import hashlib
import hmac

In [5]:
# HMAC FUNCTION
def generalized_hmac(key: str, message: str, hash_fn, block_size: int, outlen: int = None) -> str:
    """
    Generic HMAC for any hash function returning hex string.
    For SHAKE variants, specify outlen in bytes.
    """
    opad = 0x5c
    ipad = 0x36

    key_bytes = key.encode("utf-8")
    msg_bytes = message.encode("utf-8")

    if len(key_bytes) > block_size:
        digest = hash_fn(key_bytes) if outlen is None else hash_fn(key_bytes, outlen * 8)
        key_bytes = bytes.fromhex(digest)

    if len(key_bytes) < block_size:
        key_bytes += b"\x00" * (block_size - len(key_bytes))

    o_key_pad = bytes([b ^ opad for b in key_bytes])
    i_key_pad = bytes([b ^ ipad for b in key_bytes])

    inner = i_key_pad + msg_bytes
    inner_digest = hash_fn(inner) if outlen is None else hash_fn(inner, outlen * 8)
    outer = o_key_pad + bytes.fromhex(inner_digest)
    return hash_fn(outer) if outlen is None else hash_fn(outer, outlen * 8)

# HANDLES SHAKE SEPARATELY
# For SHAKE, we need to handle the output length separately
def std_hmac_reference(key: bytes, msg: bytes, digestmod, outlen=None):
    """
    Standard HMAC using hashlib.
    Handles SHAKE separately.
    """
    if digestmod in (hashlib.shake_128, hashlib.shake_256):
        block_size = 168 if digestmod == hashlib.shake_128 else 136
        if len(key) > block_size:
            key = digestmod(key).digest(outlen)
        if len(key) < block_size:
            key += b"\x00" * (block_size - len(key))
        o_key_pad = bytes([b ^ 0x5c for b in key])
        i_key_pad = bytes([b ^ 0x36 for b in key])
        inner = digestmod(i_key_pad + msg).digest(outlen)
        outer = digestmod(o_key_pad + inner).digest(outlen)
        return outer.hex()
    else:
        return hmac.new(key, msg, digestmod).hexdigest()

# EXHAUSTIVE TESTING FOR ALL HMAC VARIANTS 
def test_all_hmac_variants():
    test_cases = [
    ("key", "message"),
    ("shortkey", "shortmsg"),
    ("a" * 64, "b" * 64),
    ("secret", "The quick brown fox jumps over the lazy dog"),
    ("prasanna" * 8, "prasanna" * 5),
    ("this_is_a_long_key_" * 4, "short"),
    ("", "non-empty message here"),
    ("non-empty-key", ""),
    ("", ""),
    ("\x00\x01\x02\x03key123", "binary message \x04\x05\x06"),
    ("k" * 1000, "m" * 2000),
    ("doc-key", "Line1\nLine2\nLine3\nEndOfMessage"),
    ("json_key", '{"name": "HMAC Test", "valid": true, "items": [1,2,3,4]}'),
    ("🔐SecretKey🔐", "Message with emoji 😊🔥✨"),
    ("QWxhZGRpbjpPcGVuU2VzYW1l", "SGVsbG8sIHdvcmxkIQ=="),
    ("key_with_special_chars!@#$%^&*()", "message_with_special_chars!@#$%^&*()"),
    ("key_with_unicode_😊", "message_with_unicode_🔥✨"),
    ("long_key_" + "x" * 1000, "long_message_" + "y" * 2000),
    ("key_with_newline\n", "message_with_newline\n"),
    ("key_with_tab\t", "message_with_tab\t"),
    ("key_with_carriage_return\r", "message_with_carriage_return\r"),
    ("key_with_non_ascii_©®", "message_with_non_ascii_™£¥"),
    ("key_with_control_chars\x01\x02\x03", "message_with_control_chars\x04\x05\x06"),
    ("key_with_utf8_🌍🚀", "message_with_utf8"),
    ("key_with_long_repeated_pattern" * 10, "message_with_long_repeated_pattern" * 5),
    ("key_with_mixed_case", "Message with Mixed CASE and special chars !@#$%^&*()"),
    ("key_with_numbers_1234567890", "message_with_numbers_0987654321"),
    ("key_with_spaces and tabs\t", "message with spaces and tabs\t"),
    ("key_with_unicode_🌟✨", "message with unicode 🌈🌟"),
    ("key_with_empty_string", ""),
    ("", "message with empty key"),
]


    configs = [
        ("SHA-224", SHA224, hashlib.sha224, 64, None),
        ("SHA-256", SHA256, hashlib.sha256, 64, None),
        ("SHA-384", SHA384, hashlib.sha384, 128, None),
        ("SHA-512", SHA512, hashlib.sha512, 128, None),
        ("SHA3-224", sha3_224, hashlib.sha3_224, 144, None),
        ("SHA3-256", sha3_256, hashlib.sha3_256, 136, None),
        ("SHA3-384", sha3_384, hashlib.sha3_384, 104, None),
        ("SHA3-512", sha3_512, hashlib.sha3_512, 72, None),
        ("SHAKE128", shake128, hashlib.shake_128, 168, 64),  
        ("SHAKE256", shake256, hashlib.shake_256, 136, 64),  
    ]

    for name, custom_fn, lib_fn, block_size, outlen in configs:
        print(f"\n🔍 Testing HMAC-{name}")
        all_passed = True
        for key, msg in test_cases:
            our_hmac = generalized_hmac(key, msg, custom_fn, block_size, outlen)
            std_hmac = std_hmac_reference(key.encode(), msg.encode(), lib_fn, outlen)
            match = our_hmac.lower() == std_hmac.lower()
            print(f"Key='{key[:8]}...', Msg='{msg[:8]}...': {'✅' if match else '❌'}")
            if not match:
                print(f"  Our HMAC:  {our_hmac}")
                print(f"  Std HMAC:  {std_hmac}")
                all_passed = False
        print(f"{'✅ PASSED' if all_passed else '❌ FAILED'}")


test_all_hmac_variants()



🔍 Testing HMAC-SHA-224
Key='key...', Msg='message...': ✅
Key='shortkey...', Msg='shortmsg...': ✅
Key='aaaaaaaa...', Msg='bbbbbbbb...': ✅
Key='secret...', Msg='The quic...': ✅
Key='prasanna...', Msg='prasanna...': ✅
Key='this_is_...', Msg='short...': ✅
Key='...', Msg='non-empt...': ✅
Key='non-empt...', Msg='...': ✅
Key='...', Msg='...': ✅
Key=' key1...', Msg='binary m...': ✅
Key='kkkkkkkk...', Msg='mmmmmmmm...': ✅
Key='doc-key...', Msg='Line1
Li...': ✅
Key='json_key...', Msg='{"name":...': ✅
Key='🔐SecretK...', Msg='Message ...': ✅
Key='QWxhZGRp...', Msg='SGVsbG8s...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='long_key...', Msg='long_mes...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', Msg='message_...': ✅
Key='key_with...', M